class R509::Cert::Extensions::OCSPNoCheck

RFC 2560 Description (see: www.ietf.org/rfc/rfc2560.txt)

A CA may specify that an OCSP client can trust a responder for the lifetime of the responder's certificate. The CA does so by including the extension id-pkix-ocsp-nocheck. This SHOULD be a non-critical extension. The value of the extension should be NULL. CAs issuing such a certificate should realized that a compromise of the responder's key, is as serious as the compromise of a CA key used to sign CRLs, at least for the validity period of this certificate. CA's may choose to issue this type of certificate with a very short lifetime and renew it frequently.

You can use this extension to parse an existing extension for easy access to the contents or create a new one.

Constants

OID

friendly name for OCSP No Check

Public Class Methods

new(arg) click to toggle source

This method takes a hash or an existing Extension object to parse

@option arg :ocsp_no_check [Any] Pass any value. It's irrelevant. @option arg :critical [Boolean] (false)

Calls superclass method
# File lib/r509/cert/extensions/ocsp_no_check.rb, line 29
def initialize(arg)
  unless R509::Cert::Extensions.is_extension?(arg)
    arg = build_extension(arg)
  end
  super(arg)
end

Public Instance Methods

to_h() click to toggle source

@return [Hash]

# File lib/r509/cert/extensions/ocsp_no_check.rb, line 37
def to_h
  { :critical => self.critical?  }
end
to_yaml() click to toggle source

@return [YAML]

# File lib/r509/cert/extensions/ocsp_no_check.rb, line 42
def to_yaml
  self.to_h.to_yaml
end

Private Instance Methods

build_extension(arg) click to toggle source
# File lib/r509/cert/extensions/ocsp_no_check.rb, line 48
def build_extension(arg)
  ef = OpenSSL::X509::ExtensionFactory.new
  critical = R509::Cert::Extensions.calculate_critical(arg[:critical], false)
  ef.create_extension("noCheck", "yes", critical)
end